This article covers Active Directory penetration testing that can help penetration testers and security experts who want to secure their network.
“Active Directory”, referred to as “AD”, is a directory service that Microsoft developed for the Windows domain network. Using it, you can control domain computers and services that are running on every node of your domain.
Active Directory Penetration Testing
In this section, we have some levels; the first level is reconnaissance of your network. Every user can enter a domain by having an account in the domain controller (DC).
All this information is just gathered by a user that is an AD user. In the
Reconnaissance Commands:
+ c:\> net user
By running this command in CMD (Command Prompt), you can easily see the local users on your PC.
+ c:\> whoami
This command shows you the current logged-in user associated with Active Directory.
+ c:\> whoami /groups
This command shows you the groups of the current user.
+ c:\> net user /domain
This command shows you all users from any group in the Active Directory.
Also, you can see every user’s group by running this command:
+ c:\> net user [username] /domain
To have a better look, you can use the “AD Recon” script. AD Recon is a script
It
You can download this script from GitHub: https://github.com/sense-of-security/ADRecon
When you have all the AD users, you should take a look at the group policy. Group Policy is a feature of the Microsoft Windows NT family of operating systems that controls the working environment of user accounts and computer accounts. In the group policy, you can see environment policies such as the “Account Lockout Policy”.
It’s a
Once you get all of the
Brute Force Active Directory
To run a brute-force attack on Active Directory, you can use Metasploit Framework auxiliaries. You can
msf > use auxiliary/scanner/smb/smb_login
In the options of this auxiliary, you can set a username file and a password file, and set an IP that has the SMB service open.
Then you can run this auxiliary by entering the “run” command.
If you try false passwords more times than the Account Lockout Policy allows, you will see this message: “Account Has Been Locked out”.
If you try it on all accounts, all users will
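The password guessing and lockouts described above leave a trail in the Windows Security log, and the following added example (not part of the original article) shows one way to flag it from the defender's side. The event records, field names, addresses and thresholds are constructed assumptions; only the event IDs 4625 (failed logon) and 4740 (account locked out) are real Windows values.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, not from the article. Field names are assumptions.
# Windows Security log IDs: 4625 = failed logon, 4740 = account locked out.
def _ev(time, event_id, account, source):
    return {"time": "2024-01-10T" + time, "id": event_id, "account": account, "source": source}

SAMPLE_EVENTS = (
    # One source failing against three different accounts within seconds.
    [_ev(f"09:00:0{i}", 4625, name, "10.0.0.50") for i, name in enumerate(["alice", "bob", "carol"])]
    # One source failing five times against one account, followed by a lockout.
    + [_ev(f"09:10:0{i}", 4625, "dave", "10.0.0.60") for i in range(5)]
    + [_ev("09:10:05", 4740, "dave", "10.0.0.60")]
    # Two mistyped passwords hours apart: should not be flagged.
    + [_ev("09:00:00", 4625, "erin", "10.0.0.70"), _ev("11:00:00", 4625, "erin", "10.0.0.70")]
)

def detect_guessing(events, window=timedelta(minutes=5), max_failures=5, max_accounts=3):
    """Return {source: reason} for sources whose failed logons inside a
    sliding time window reach either threshold."""
    failures = defaultdict(list)
    for e in events:
        if e["id"] == 4625:
            failures[e["source"]].append((datetime.fromisoformat(e["time"]), e["account"]))
    findings = {}
    for source, items in failures.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            # Slide the window start forward until it spans at most `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            in_window = items[start:end + 1]
            if len({account for _, account in in_window}) >= max_accounts:
                findings[source] = "many accounts"
                break
            if len(in_window) >= max_failures:
                findings[source] = "repeated failures"
                break
    return findings

def locked_accounts(events):
    """Accounts that have at least one lockout event (4740)."""
    return sorted({e["account"] for e in events if e["id"] == 4740})

if __name__ == "__main__":
    print(detect_guessing(SAMPLE_EVENTS))
    print(locked_accounts(SAMPLE_EVENTS))
```

Setting `max_failures` at or below the domain's lockout threshold lets the check fire before, not after, accounts start locking.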
All hashes are stored in a file named “NTDS.dit” in this location:
C:\Windows\NTDS
You will extract hashes from this file by using
Then you can see hashes and password (if the
Active Directory includes several services that run on Windows servers; it includes user groups, applications, printers, and other resources.
It helps server administrators manage devices connected to the network, and it includes a number of services such as Domain, Certificate Services, Lightweight Directory Services, Directory Federation and rights management.
Active Directory penetration testing is required for any organization; nowadays APT groups actively target Active Directories using different techniques.
Source & Credit
The article was prepared by Omid